Sample viewer

vx.netlux.org/Virus.DOS.Evasor.394

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:50:07.813043753Z 26 PC: 1325f | Set disk transfer address
2018-12-17T22:50:07.814293776Z 78 PC: 1326a | Find first file
2018-12-17T22:50:07.822054225Z 67 PC: 1329d | Get or set file attributes
2018-12-17T22:50:07.840062063Z 61 PC: 132a3 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:50:07.847121229Z 87 PC: 132a9 | Get or set file date and time
2018-12-17T22:50:07.849196795Z 63 PC: 132b6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:07.855961189Z 87 PC: 1331f | Get or set file date and time
2018-12-17T22:50:07.857565041Z 62 PC: 13323 | Close file
2018-12-17T22:50:07.866634591Z 79 PC: 1326a | Find next file
2018-12-17T22:50:07.87022983Z 67 PC: 1329d | Get or set file attributes
2018-12-17T22:50:07.882016856Z 61 PC: 132a3 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:50:07.892313322Z 87 PC: 132a9 | Get or set file date and time
2018-12-17T22:50:07.89394425Z 63 PC: 132b6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:07.901072944Z 87 PC: 1331f | Get or set file date and time
2018-12-17T22:50:07.903131079Z 62 PC: 13323 | Close file
2018-12-17T22:50:07.910808007Z 79 PC: 1326a | Find next file
2018-12-17T22:50:07.913594192Z 67 PC: 1329d | Get or set file attributes
2018-12-17T22:50:07.924255015Z 61 PC: 132a3 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:50:07.932389911Z 87 PC: 132a9 | Get or set file date and time
2018-12-17T22:50:07.933716336Z 63 PC: 132b6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:07.941490408Z 87 PC: 1331f | Get or set file date and time
2018-12-17T22:50:07.951614655Z 62 PC: 13323 | Close file
2018-12-17T22:50:07.959577441Z 79 PC: 1326a | Find next file
2018-12-17T22:50:07.962473889Z 67 PC: 1329d | Get or set file attributes
2018-12-17T22:50:07.974251149Z 61 PC: 132a3 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:50:07.982517257Z 87 PC: 132a9 | Get or set file date and time
2018-12-17T22:50:07.986943917Z 63 PC: 132b6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:07.99477838Z 87 PC: 1331f | Get or set file date and time
2018-12-17T22:50:07.996533917Z 62 PC: 13323 | Close file
2018-12-17T22:50:08.005104218Z 79 PC: 1326a | Find next file
2018-12-17T22:50:08.009176013Z 67 PC: 1329d | Get or set file attributes
2018-12-17T22:50:08.020664771Z 61 PC: 132a3 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:50:08.028116705Z 87 PC: 132a9 | Get or set file date and time
2018-12-17T22:50:08.030070089Z 63 PC: 132b6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:08.037539754Z 87 PC: 1331f | Get or set file date and time
2018-12-17T22:50:08.039006416Z 62 PC: 13323 | Close file
2018-12-17T22:50:08.047387515Z 79 PC: 1326a | Find next file
2018-12-17T22:50:08.051403411Z 67 PC: 1329d | Get or set file attributes
2018-12-17T22:50:08.063547797Z 61 PC: 132a3 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:50:08.077571931Z 87 PC: 132a9 | Get or set file date and time
2018-12-17T22:50:08.080332039Z 63 PC: 132b6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:08.087522598Z 87 PC: 1331f | Get or set file date and time
2018-12-17T22:50:08.08928701Z 62 PC: 13323 | Close file
2018-12-17T22:50:08.099405925Z 79 PC: 1326a | Find next file
2018-12-17T22:50:08.102368172Z 67 PC: 1329d | Get or set file attributes
2018-12-17T22:50:08.11341672Z 61 PC: 132a3 | Open file (Filename = 'PAH.COM')
2018-12-17T22:50:08.12205584Z 87 PC: 132a9 | Get or set file date and time
2018-12-17T22:50:08.123839755Z 63 PC: 132b6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:08.13176682Z 87 PC: 1331f | Get or set file date and time
2018-12-17T22:50:08.134454011Z 62 PC: 13323 | Close file
2018-12-17T22:50:08.143667756Z 79 PC: 1326a | Find next file
2018-12-17T22:50:08.146882026Z 67 PC: 1329d | Get or set file attributes
2018-12-17T22:50:08.157557392Z 61 PC: 132a3 | Open file (Filename = 'TEST.COM')
2018-12-17T22:50:08.166077085Z 87 PC: 132a9 | Get or set file date and time
2018-12-17T22:50:08.168021546Z 63 PC: 132b6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:50:08.175489241Z 87 PC: 1331f | Get or set file date and time
2018-12-17T22:50:08.178000535Z 62 PC: 13323 | Close file
2018-12-17T22:50:08.187103559Z 79 PC: 1326a | Find next file
2018-12-17T22:50:08.189637668Z 59 PC: 13274 | Change current directory
2018-12-17T22:50:08.194919894Z 42 PC: 1327a | Get date
0x1327a: cmp dh, 7
0x1327d: je 0x13287
0x1327f: mov dx, 0x80
0x13282: mov ah, 0x1a
0x13284: int 0x21
0x13286: ret
0x13287: mov ah, 9
0x13289: lea dx, word ptr [bp + 0x22c]
0x1328d: int 0x21
0x1328f: jmp 0x1327f
0x13291: lea dx, word ptr [bp + 0x280]
0x13295: push dx
0x13296: mov ax, 0x4301
0x13299: xor cx, cx
0x1329b: int 0x21
0x1329d: mov ax, 0x3d02
0x132a0: pop dx
0x132a1: int 0x21
0x132a3: xchg ax, bx
0x132a4: mov ax, 0x5700
2018-12-17T22:50:08.19721995Z 26 PC: 13286 | Set disk transfer address
2018-12-17T22:50:08.198315187Z 9 PC: 12a47 | Display string (String= 'Soy un COM infectado!! ')
2018-12-17T22:50:08.204086991Z 76 PC: 12a4b | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10120,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:15.903640919Z 26 PC: 1325f | Set disk transfer address
2018-12-25T12:27:15.905516681Z 78 PC: 1326a | Find first file
2018-12-25T12:27:15.918965445Z 67 PC: 1329d | Get or set file attributes
2018-12-25T12:27:15.934868432Z 61 PC: 132a3 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:15.942531729Z 87 PC: 132a9 | Get or set file date and time
2018-12-25T12:27:15.943957463Z 63 PC: 132b6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:15.948950233Z 87 PC: 1331f | Get or set file date and time
2018-12-25T12:27:15.950672235Z 62 PC: 13323 | Close file
2018-12-25T12:27:15.958684208Z 79 PC: 1326a | Find next file (See above)
2018-12-25T12:27:15.961510887Z 67 PC: 1329d | Get or set file attributes (See above)
2018-12-25T12:27:15.971178116Z 61 PC: 132a3 | Open file (See above)
2018-12-25T12:27:15.978942012Z 87 PC: 132a9 | Get or set file date and time (See above)
2018-12-25T12:27:15.980681356Z 63 PC: 132b6 | Read file or device (See above)
2018-12-25T12:27:15.987473492Z 87 PC: 1331f | Get or set file date and time (See above)
2018-12-25T12:27:15.990110433Z 62 PC: 13323 | Close file (See above)
2018-12-25T12:27:15.997210781Z 79 PC: 1326a | Find next file (See above)
2018-12-25T12:27:15.99972672Z 67 PC: 1329d | Get or set file attributes (See above)
2018-12-25T12:27:16.009711195Z 61 PC: 132a3 | Open file (See above)
2018-12-25T12:27:16.016124816Z 87 PC: 132a9 | Get or set file date and time (See above)
2018-12-25T12:27:16.017423613Z 63 PC: 132b6 | Read file or device (See above)
2018-12-25T12:27:16.024600001Z 87 PC: 1331f | Get or set file date and time (See above)
2018-12-25T12:27:16.026224683Z 62 PC: 13323 | Close file (See above)
2018-12-25T12:27:16.033296862Z 79 PC: 1326a | Find next file (See above)
2018-12-25T12:27:16.036311897Z 67 PC: 1329d | Get or set file attributes (See above)
2018-12-25T12:27:16.057685406Z 61 PC: 132a3 | Open file (See above)
2018-12-25T12:27:16.064534018Z 87 PC: 132a9 | Get or set file date and time (See above)
2018-12-25T12:27:16.066482369Z 63 PC: 132b6 | Read file or device (See above)
2018-12-25T12:27:16.078800852Z 87 PC: 1331f | Get or set file date and time (See above)
2018-12-25T12:27:16.080737569Z 62 PC: 13323 | Close file (See above)
2018-12-25T12:27:16.088826874Z 79 PC: 1326a | Find next file (See above)
2018-12-25T12:27:16.095465948Z 67 PC: 1329d | Get or set file attributes (See above)
2018-12-25T12:27:16.120328948Z 61 PC: 132a3 | Open file (See above)
2018-12-25T12:27:16.131188471Z 87 PC: 132a9 | Get or set file date and time (See above)
2018-12-25T12:27:16.13359348Z 63 PC: 132b6 | Read file or device (See above)
2018-12-25T12:27:16.140219993Z 87 PC: 1331f | Get or set file date and time (See above)
2018-12-25T12:27:16.142226169Z 62 PC: 13323 | Close file (See above)
2018-12-25T12:27:16.150349696Z 79 PC: 1326a | Find next file (See above)
2018-12-25T12:27:16.152320292Z 67 PC: 1329d | Get or set file attributes (See above)
2018-12-25T12:27:16.164199208Z 61 PC: 132a3 | Open file (See above)
2018-12-25T12:27:16.17214591Z 87 PC: 132a9 | Get or set file date and time (See above)
2018-12-25T12:27:16.173820618Z 63 PC: 132b6 | Read file or device (See above)
2018-12-25T12:27:16.180403623Z 87 PC: 1331f | Get or set file date and time (See above)
2018-12-25T12:27:16.18304653Z 62 PC: 13323 | Close file (See above)
2018-12-25T12:27:16.191053302Z 79 PC: 1326a | Find next file (See above)
2018-12-25T12:27:16.193925805Z 67 PC: 1329d | Get or set file attributes (See above)
2018-12-25T12:27:16.204586902Z 61 PC: 132a3 | Open file (See above)
2018-12-25T12:27:16.211746116Z 87 PC: 132a9 | Get or set file date and time (See above)
2018-12-25T12:27:16.213412219Z 63 PC: 132b6 | Read file or device (See above)
2018-12-25T12:27:16.220307497Z 87 PC: 1331f | Get or set file date and time (See above)
2018-12-25T12:27:16.222939217Z 62 PC: 13323 | Close file (See above)
2018-12-25T12:27:16.230242969Z 79 PC: 1326a | Find next file (See above)
2018-12-25T12:27:16.233118733Z 67 PC: 1329d | Get or set file attributes (See above)
2018-12-25T12:27:16.243772835Z 61 PC: 132a3 | Open file (See above)
2018-12-25T12:27:16.255328718Z 87 PC: 132a9 | Get or set file date and time (See above)
2018-12-25T12:27:16.256668653Z 63 PC: 132b6 | Read file or device (See above)
2018-12-25T12:27:16.263926952Z 87 PC: 1331f | Get or set file date and time (See above)
2018-12-25T12:27:16.265697585Z 62 PC: 13323 | Close file (See above)
2018-12-25T12:27:16.27301079Z 79 PC: 1326a | Find next file (See above)
2018-12-25T12:27:16.27644486Z 59 PC: 13274 | Change current directory
2018-12-25T12:27:16.281061617Z 42 PC: 1327a | Get date
0x1327a: cmp dh, 7
0x1327d: je 0x13287
0x1327f: mov dx, 0x80
0x13282: mov ah, 0x1a
0x13284: int 0x21
0x13286: ret
0x13287: mov ah, 9
0x13289: lea dx, word ptr [bp + 0x22c]
0x1328d: int 0x21
0x1328f: jmp 0x1327f
0x13291: lea dx, word ptr [bp + 0x280]
0x13295: push dx
0x13296: mov ax, 0x4301
0x13299: xor cx, cx
0x1329b: int 0x21
0x1329d: mov ax, 0x3d02
0x132a0: pop dx
0x132a1: int 0x21
0x132a3: xchg ax, bx
0x132a4: mov ax, 0x5700
2018-12-25T12:27:16.283491797Z 26 PC: 13286 | Set disk transfer address
2018-12-25T12:27:16.285578087Z 9 PC: 12a47 | Display string (String= 'Soy un COM infectado!! ')
2018-12-25T12:27:16.290075934Z 76 PC: 12a4b | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10120,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:15.988494449Z 26 PC: 1325f | Set disk transfer address
2018-12-25T12:27:15.991054283Z 78 PC: 1326a | Find first file
2018-12-25T12:27:15.998222436Z 67 PC: 1329d | Get or set file attributes
2018-12-25T12:27:16.016733004Z 61 PC: 132a3 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:16.023732252Z 87 PC: 132a9 | Get or set file date and time
2018-12-25T12:27:16.026203194Z 63 PC: 132b6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:27:16.03341516Z 87 PC: 1331f | Get or set file date and time
2018-12-25T12:27:16.035251041Z 62 PC: 13323 | Close file
2018-12-25T12:27:16.043019276Z 79 PC: 1326a | Find next file (See above)
2018-12-25T12:27:16.053851655Z 67 PC: 1329d | Get or set file attributes (See above)
2018-12-25T12:27:16.071447901Z 61 PC: 132a3 | Open file (See above)
2018-12-25T12:27:16.08109938Z 87 PC: 132a9 | Get or set file date and time (See above)
2018-12-25T12:27:16.08310545Z 63 PC: 132b6 | Read file or device (See above)
2018-12-25T12:27:16.090746056Z 87 PC: 1331f | Get or set file date and time (See above)
2018-12-25T12:27:16.094316842Z 62 PC: 13323 | Close file (See above)
2018-12-25T12:27:16.102714662Z 79 PC: 1326a | Find next file (See above)
2018-12-25T12:27:16.106692351Z 67 PC: 1329d | Get or set file attributes (See above)
2018-12-25T12:27:16.118818165Z 61 PC: 132a3 | Open file (See above)
2018-12-25T12:27:16.126797179Z 87 PC: 132a9 | Get or set file date and time (See above)
2018-12-25T12:27:16.128836998Z 63 PC: 132b6 | Read file or device (See above)
2018-12-25T12:27:16.13696341Z 87 PC: 1331f | Get or set file date and time (See above)
2018-12-25T12:27:16.139023135Z 62 PC: 13323 | Close file (See above)
2018-12-25T12:27:16.147851303Z 79 PC: 1326a | Find next file (See above)
2018-12-25T12:27:16.151282822Z 67 PC: 1329d | Get or set file attributes (See above)
2018-12-25T12:27:16.164551338Z 61 PC: 132a3 | Open file (See above)
2018-12-25T12:27:16.174258694Z 87 PC: 132a9 | Get or set file date and time (See above)
2018-12-25T12:27:16.176400121Z 63 PC: 132b6 | Read file or device (See above)
2018-12-25T12:27:16.187289015Z 87 PC: 1331f | Get or set file date and time (See above)
2018-12-25T12:27:16.189395701Z 62 PC: 13323 | Close file (See above)
2018-12-25T12:27:16.198505574Z 79 PC: 1326a | Find next file (See above)
2018-12-25T12:27:16.203777552Z 67 PC: 1329d | Get or set file attributes (See above)
2018-12-25T12:27:16.217711759Z 61 PC: 132a3 | Open file (See above)
2018-12-25T12:27:16.227909973Z 87 PC: 132a9 | Get or set file date and time (See above)
2018-12-25T12:27:16.232535674Z 63 PC: 132b6 | Read file or device (See above)
2018-12-25T12:27:16.240399038Z 87 PC: 1331f | Get or set file date and time (See above)
2018-12-25T12:27:16.242266959Z 62 PC: 13323 | Close file (See above)
2018-12-25T12:27:16.252202203Z 79 PC: 1326a | Find next file (See above)
2018-12-25T12:27:16.255558573Z 67 PC: 1329d | Get or set file attributes (See above)
2018-12-25T12:27:16.267812072Z 61 PC: 132a3 | Open file (See above)
2018-12-25T12:27:16.276114135Z 87 PC: 132a9 | Get or set file date and time (See above)
2018-12-25T12:27:16.280556201Z 63 PC: 132b6 | Read file or device (See above)
2018-12-25T12:27:16.28945188Z 87 PC: 1331f | Get or set file date and time (See above)
2018-12-25T12:27:16.291882369Z 62 PC: 13323 | Close file (See above)
2018-12-25T12:27:16.301958056Z 79 PC: 1326a | Find next file (See above)
2018-12-25T12:27:16.305688252Z 67 PC: 1329d | Get or set file attributes (See above)
2018-12-25T12:27:16.317914886Z 61 PC: 132a3 | Open file (See above)
2018-12-25T12:27:16.331457698Z 87 PC: 132a9 | Get or set file date and time (See above)
2018-12-25T12:27:16.333916102Z 63 PC: 132b6 | Read file or device (See above)
2018-12-25T12:27:16.342217866Z 87 PC: 1331f | Get or set file date and time (See above)
2018-12-25T12:27:16.345436308Z 62 PC: 13323 | Close file (See above)
2018-12-25T12:27:16.354415794Z 79 PC: 1326a | Find next file (See above)
2018-12-25T12:27:16.357918063Z 67 PC: 1329d | Get or set file attributes (See above)
2018-12-25T12:27:16.369565312Z 61 PC: 132a3 | Open file (See above)
2018-12-25T12:27:16.377805096Z 87 PC: 132a9 | Get or set file date and time (See above)
2018-12-25T12:27:16.379809372Z 63 PC: 132b6 | Read file or device (See above)
2018-12-25T12:27:16.383173155Z 87 PC: 1331f | Get or set file date and time (See above)
2018-12-25T12:27:16.385777945Z 62 PC: 13323 | Close file (See above)
2018-12-25T12:27:16.394343338Z 79 PC: 1326a | Find next file (See above)
2018-12-25T12:27:16.397491427Z 59 PC: 13274 | Change current directory
2018-12-25T12:27:16.404082877Z 42 PC: 1327a | Get date
0x1327a: cmp dh, 7
0x1327d: je 0x13287
0x1327f: mov dx, 0x80
0x13282: mov ah, 0x1a
0x13284: int 0x21
0x13286: ret
0x13287: mov ah, 9
0x13289: lea dx, word ptr [bp + 0x22c]
0x1328d: int 0x21
0x1328f: jmp 0x1327f
0x13291: lea dx, word ptr [bp + 0x280]
0x13295: push dx
0x13296: mov ax, 0x4301
0x13299: xor cx, cx
0x1329b: int 0x21
0x1329d: mov ax, 0x3d02
0x132a0: pop dx
0x132a1: int 0x21
0x132a3: xchg ax, bx
0x132a4: mov ax, 0x5700
2018-12-25T12:27:16.406990369Z 9 PC: 1328f | Display string (String= 'Evasor v2.0 Pruslas [Los Sicarios de Midas] ')
2018-12-25T12:27:16.416336169Z 26 PC: 13286 | Set disk transfer address
2018-12-25T12:27:16.419591755Z 9 PC: 12a47 | Display string (String= 'Soy un COM infectado!! ')
2018-12-25T12:27:16.424610721Z 76 PC: 12a4b | Terminate with return code (Return code = '36')